Senior Information Security Analyst

Role Summary:

We are looking for an experienced Senior Cyber Security Analyst to lead and coordinate ISO 27001:2022 initiatives and continuous ISMS improvement activities in close collaboration with stakeholders and teams based in different countries where ELCA Group is present. The ideal candidate will play a key role in managing internal controls, internal & external audits, documentation, and reviews, while also supporting broader security and privacy-related responsibilities.

Key Responsibilities:

• Develop and maintain a comprehensive catalogue of ISO 27001 security controls, ensuring alignment with the organization’s risk posture, compliance requirements, and business objectives.
• Coordinate with Swiss teams and internal stakeholders to define, document, and formalize ISO 27001 internal controls.
• Continuously assess and verify the effectiveness of internal controls and collect related evidence.
• Ensure timely follow-up with control Owners; escalate as needed for resolution.
• Manage the lifecycle of internal and external audit findings, including assignment of responsibilities and action plans.
• Prepare audit evidence, liaise with auditors, and organize audit schedules and planning activities.
• Plan, schedule, and execute internal audits in alignment with ISO/IEC 27001:2022 requirements.
• Maintain and continuously improve the Information Security Management System (ISMS) and Integrated Management System (IMS) documentation.
• Responsible for the preparation of periodic Management Review Meetings.
• Contribute to additional cybersecurity, privacy, or compliance-related projects or initiatives as required.

Profile Requirements:

• Degree in Computer Science, Information Systems, or related discipline.
• Minimum 5 years of experience in IT, with at least 2 years in IT Security.
• 4+ years of hands-on experience in IT auditing or in the implementation/maintenance of ISO 27001 ISMS.
• Experience in working with multinational teams or global companies.
• Relevant certifications preferred (e.g., CISA, PECB ISO 27001:2022 Implementer or Auditor).
• Broad understanding of IT Security principles; some technical security exposure is a plus.
• Familiarity with GDPR and privacy regulations.
• Basic project management knowledge and strong organizational skills.
• Excellent interpersonal, communication, and negotiation skills for effective collaboration and follow-ups.
• Fluent in English and French (written and spoken).

What We Offer:

• Opportunity to work in a multinational and dynamic environment.
• Exposure to enterprise-grade security frameworks and international audits.
• Growth opportunities in the fields of cybersecurity, compliance, and data privacy.